CN100574181C - Method and device for virus scanning and processing of data received by a mobile phone - Google Patents


Info

Publication number
CN100574181C
Authority
CN
China
Prior art keywords
data
submodule
virus
mobile phone
viral
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100269884A
Other languages
Chinese (zh)
Other versions
CN101079689A (en
Inventor
王蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Sunrise Simcom Electronic Technology Co Ltd
Original Assignee
Shanghai Chenxing Electronics Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Chenxing Electronics Science and Technology Co Ltd filed Critical Shanghai Chenxing Electronics Science and Technology Co Ltd
Priority to CNB2006100269884A priority Critical patent/CN100574181C/en
Publication of CN101079689A publication Critical patent/CN101079689A/en
Application granted granted Critical
Publication of CN100574181C publication Critical patent/CN100574181C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

A method and device for virus scanning and processing of data received by a mobile phone. The method comprises the steps of: a. preliminarily filtering the received data and extracting the suspicious data segment; b. rescanning the extracted suspicious data to check whether a virus element is present; c. if a virus element is present, performing virus removal. The virus removal device comprises a data packet decoding submodule, a first filtering submodule, a suspicious data extraction submodule, a secondary filtering submodule and a virus processing submodule, connected in sequence by data flow. Because the whole data packet need not be scanned, the invention narrows the inspection scope and thus speeds up processing; moreover, once a virus is found, only the virus data is isolated and the normal data is kept.

Description

Method and device for virus scanning and processing of data received by a mobile phone
Technical field
The present invention relates to a method and device for virus prevention and virus removal on a mobile phone, and specifically to a method and device for virus prevention and removal applied to the data a mobile phone receives.
Background art
With the spread of mobile phones, and in particular the wide use of smartphones in daily life, mobile phones are increasingly connected to all kinds of networks to carry out information and data exchange services. This inevitably makes mobile phones a target of attack for various viruses. Virus prevention and removal on the mobile phone are therefore very necessary.
Compared with a computer, virus prevention and removal on a mobile phone have their own characteristics. First, a mobile phone cannot compare with a computer in either memory size or CPU processing speed, so the scanning speed of virus prevention and removal must be raised as far as possible to reduce the use of CPU resources. Moreover, judging from the several mobile phone viruses found so far, mobile phones are infected through specific channels.
Summary of the invention
The object of the present invention is to provide, based on the above characteristics of the mobile phone, a method for protecting against virus infection and a virus prevention and removal device.
The object of the present invention is achieved through the following technical solution:
A method according to the present invention for virus scanning and processing of received data comprises the following steps:
Step 1: preliminarily filter the received data and extract the suspicious data segment;
Step 2: perform secondary filtering on the extracted suspicious data segment to check whether a virus element is present;
Step 3: prompt the user and handle accordingly, based on the scan result.
Further, the preliminary filtering of the received data in step S1 means that the data packet of a multimedia message or e-mail received by the mobile phone is preliminarily scanned: the header and body information are located according to the encoding of the multimedia message, and the attachment information it contains is found by decoding the header. If an executable file, or a file whose name is that of a currently known virus, is found, it is defined as suspicious content and that data segment is extracted directly;
The second filtering of the extracted suspicious data segment in step S2 means checking, according to the signature codes of the viruses already discovered, whether a virus element is present;
Step 3 comprises: 1) keep all data; 2) delete the whole data packet; 3) delete the virus data packet; 4) block all data from the virus source.
According to the same general inventive concept, a device of the present invention for virus scanning and processing of data received by a mobile phone comprises a data packet decoding submodule, a first filtering submodule, a suspicious data extraction submodule, a secondary filtering submodule and a virus processing submodule, connected in sequence by data flow, and a normal receiving submodule, wherein:
The data packet decoding submodule decodes the data packet of a multimedia message or e-mail received by the mobile phone and locates the header and body information according to the encoding;
The first filtering submodule is connected by data flow to the data packet decoding submodule. From the decoded information it receives, it finds the attachment information contained in the packet. Attachments containing executable files such as exe and sis, or files whose names are those of currently known viruses, are defined as suspicious content; everything else is defined as normal content. The data is thereby separated into suspected virus-containing data segments and normal data segments, which constitutes the first filtering;
The suspicious data extraction submodule is connected by data flow to the first filtering submodule and receives the separated suspected virus-containing data segments;
The normal receiving submodule is connected by data flow to the first filtering submodule and receives the separated normal data segments;
The secondary filtering submodule is connected by data flow to the suspicious data extraction submodule. It checks the suspected virus-containing data segments sent to it against the signature codes of the viruses already discovered, separates the normal data segments that contain no virus element from the virus-containing data segments, and sends the normal data segments to the normal receiving submodule;
The virus processing submodule handles the virus data segments sent by the secondary filtering submodule according to the user's instruction.
Further, the handling of the received data by the virus processing submodule according to the user's instruction comprises deleting the whole data packet; or deleting only the data segment that carries the virus; or, after the user confirms, blocking all data sent by the virus source.
The positive effect of the present invention is that it provides a highly efficient virus scanning method and device, tailored to the specific channels through which mobile phones are infected by viruses and to the characteristics of the data transmission format.
Description of drawings
Fig. 1 is a flowchart of the program of the present invention;
Fig. 2 is a block diagram of the present invention.
Embodiment
A preferred embodiment of the present invention is given below with reference to Fig. 1 and Fig. 2 and described in detail, so that those skilled in the art can more easily understand the structural and functional features of the present invention; it is not intended to limit the scope of the present invention.
As shown in Fig. 1, a program 1000 for virus scanning and processing of received data:
Step 1000: the mobile phone receives the data packet of a multimedia message or e-mail;
Steps 1001, 1002: the received data packet is first preliminarily scanned. The header and body information are located according to the encoding of the multimedia message, and the attachment information it contains is found by decoding the header. If executable files such as .exe or .sis, or files whose names are those of currently known viruses, are found, they are defined as suspicious content and steps 1003 and 1004 are executed; otherwise step 1005 is executed and the data is received normally;
Step 1003: if suspected virus content is found, that data segment is extracted directly;
Step 1004: the extracted data segment is rescanned; step 1006 checks, according to the signature codes of the viruses already discovered, whether a virus element is present. If no virus is present, step 1005 is executed and the data is received normally; otherwise step 1007 is executed: if a virus is present, the user is prompted and the data is handled according to the user's instruction. The whole data packet can be deleted; or only the data segment carrying the virus can be deleted; or, after the user confirms, all data sent by the virus source can be blocked.
In this way the whole data packet need not be scanned, which narrows the inspection scope and thus speeds up processing. Moreover, once a virus is found, only the virus data is isolated and the normal data is kept.
Referring to Fig. 2, the mobile phone virus prevention and removal module of the present invention comprises a data packet decoding submodule 11, a first filtering submodule 12, a suspicious data extraction submodule 13, a secondary filtering submodule 14 and a virus processing submodule 15, connected in sequence by data flow, wherein:
The data packet decoding submodule 11 decodes the data packet of a multimedia message or e-mail received by the mobile phone and, by decoding the header, finds the attachment information it contains. If an executable file (for example exe or sis) or a file bearing the name of a known virus is found, it is defined as suspicious content. The data is sent to the first filtering submodule 12 for the first filtering and is then checked by the suspicious data extraction submodule 13. If no suspicious content is found, the output is sent to the normal receiving submodule 16. If suspicious content is found, the suspicious data segment is taken out and sent to the secondary filtering submodule 14 for secondary filtering. If it is then confirmed that no virus element is present, the data is sent to the normal receiving submodule 16; if a virus is found to be present, the data is sent to the virus processing submodule 15 for handling: the whole data packet is deleted, or only the data segment containing the virus is deleted, or all data sent by the virus source is blocked.
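
The two-stage flow of Fig. 1, sketched in Python as an added example (not code from the patent). It covers only MIME e-mail, using the standard library email package; the signature, the known-virus file name, the action names and the block list keyed on the From header are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# All names and values below are constructed for this example.
SUSPICIOUS_EXTENSIONS = (".exe", ".sis")       # executable types the patent names
KNOWN_VIRUS_FILENAMES = {"free_ringtone.jpg"}  # hypothetical known-bad file name
SIGNATURES = {"Example.Sig.A": b"CONSTRUCTED-SIGNATURE-0001"}  # hypothetical
BLOCKED_SOURCES = set()


def first_filter(msg):
    """Stage 1: split attachments into suspicious/normal using header data only."""
    suspicious, normal = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        flagged = name.endswith(SUSPICIOUS_EXTENSIONS) or name in KNOWN_VIRUS_FILENAMES
        (suspicious if flagged else normal).append(part)
    return suspicious, normal


def second_filter(part):
    """Stage 2: decode one extracted segment and match it against known signatures."""
    payload = part.get_payload(decode=True) or b""
    return next((name for name, sig in SIGNATURES.items() if sig in payload), None)


def scan_message(raw, action="delete_segment"):
    """Return (message to deliver or None, {infected file name: signature name})."""
    msg = message_from_bytes(raw, policy=policy.default)
    suspicious, _normal = first_filter(msg)
    hits = [(part, second_filter(part)) for part in suspicious]
    infected = [(part, sig) for part, sig in hits if sig]
    findings = {part.get_filename(): sig for part, sig in infected}
    if not infected or action == "keep_all":
        return msg, findings
    if action == "block_source":
        BLOCKED_SOURCES.add(str(msg["From"]))  # assumption: source keyed on From
        return None, findings
    if action == "delete_packet":
        return None, findings
    bad = {id(part) for part, _ in infected}   # delete_segment: drop infected parts only
    msg.set_payload([p for p in msg.get_payload() if id(p) not in bad])
    return msg, findings


def attachment_names(msg):
    """File names of the attachments still present in a message."""
    return [part.get_filename() for part in msg.iter_attachments()]


def build_sample():
    """Constructed message: one normal, one flagged-but-clean, one infected part."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.test", "user@example.test", "hi"
    m.set_content("See attachments.")
    m.add_attachment("plain notes", filename="notes.txt")
    m.add_attachment(b"harmless constructed bytes", maintype="application",
                     subtype="octet-stream", filename="tool.exe")
    m.add_attachment(b"\x00\x01" + SIGNATURES["Example.Sig.A"] + b"\x02",
                     maintype="application", subtype="octet-stream", filename="game.sis")
    return m.as_bytes()


if __name__ == "__main__":
    cleaned, findings = scan_message(build_sample())
    print(findings, attachment_names(cleaned))
```

Only attachments flagged in stage 1 are decoded and signature-checked, so detection coverage depends entirely on the stage-1 name rules; that is the speed trade-off the description makes.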

Claims (5)

1. A method for virus scanning and processing of data received by a mobile phone, comprising the steps of:
S1: preliminarily scanning the data packet of a multimedia message or e-mail received by the mobile phone; locating the header and body information according to the encoding of the multimedia message; finding the attachment information it contains by decoding the header; and, if an executable file or a file whose name is that of a currently known virus is found, defining it as suspicious content and extracting the suspicious data segment;
S2: performing a second filtering on the extracted suspicious data segment to check whether a virus element is present;
S3: prompting the user and handling accordingly, based on the result of the second filtering.
2. The method for virus scanning and processing of data received by a mobile phone according to claim 1, characterized in that the second filtering of the extracted suspicious data segment in step S2 means checking, according to the signature codes of the viruses already discovered, whether a virus element is present.
3. The method for virus scanning and processing of data received by a mobile phone according to claim 1 or 2, characterized in that prompting the user and handling accordingly in step S3 comprises: 1) keeping all data; or 2) deleting the whole data packet; or 3) deleting the virus data packet; or 4) blocking all data from the virus source.
4. A device for virus scanning and processing of data received by a mobile phone, characterized in that it comprises a data packet decoding submodule (11), a first filtering submodule (12), a suspicious data extraction submodule (13), a secondary filtering submodule (14) and a virus processing submodule (15), connected by data flow, and a normal receiving submodule (16), wherein:
The data packet decoding submodule (11) decodes the data packet of a multimedia message or e-mail received by the mobile phone and locates the header and body information according to the encoding;
The first filtering submodule (12) is connected by data flow to the data packet decoding submodule (11); from the decoded information it receives, it finds the attachment information contained in the packet; attachments containing executable files, or files whose names are those of currently known viruses, are defined as suspicious content, and everything else is defined as normal content, so that the data is separated into suspected virus-containing data segments and normal data segments, which constitutes the first filtering;
The suspicious data extraction submodule (13) is connected by data flow to the first filtering submodule (12) and receives the separated suspected virus-containing data segments;
The normal receiving submodule (16) is connected by data flow to the first filtering submodule (12) and receives the separated normal data segments;
The secondary filtering submodule (14) is connected by data flow to the suspicious data extraction submodule (13); it checks the suspected virus-containing data segments sent to it against the signature codes of the viruses already discovered, separates the normal data segments that contain no virus element from the virus-containing data segments, and sends the normal data segments to the normal receiving submodule (16);
The virus processing submodule (15) handles the virus-containing data segments sent by the secondary filtering submodule (14) according to the user's instruction.
5. The device for virus scanning and processing of data received by a mobile phone according to claim 4, characterized in that the handling of the received data by the virus processing submodule (15) according to the user's instruction comprises deleting the whole data packet, or deleting only the data segment that carries the virus, or, after the user confirms, blocking all data sent by the virus source.
CNB2006100269884A 2006-05-26 2006-05-26 Method and device for virus scanning and processing of data received by a mobile phone Expired - Fee Related CN100574181C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100269884A CN100574181C (en) 2006-05-26 2006-05-26 Method and device for virus scanning and processing of data received by a mobile phone

Publications (2)

Publication Number Publication Date
CN101079689A (en) 2007-11-28
CN100574181C (en) 2009-12-23

Family

ID=38906944

Country Status (1)

Country Link
CN (1) CN100574181C (en)

Also Published As

Publication number Publication date
CN101079689A (en) 2007-11-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: SHANGHAI CHENXING SIMCOM ELECTRONIC TECHNOLOGY CO.

Free format text: FORMER NAME: SHANGHAI CHENXING ELECTRONIC TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 201700 Shengli Road, Qingpu District, Shanghai, No. 888

Patentee after: Shanghai Sunrise Simcom Electronic Technology Co., Ltd.

Address before: 201700 Shengli Road, Qingpu District, Shanghai, No. 888

Patentee before: Shanghai Chenxing Electronics Science & Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091223

Termination date: 20180526